package com.adam.springsecurity;

import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.servlet.ModelAndView;

//优先级高于MyAccessDeniedHandler
@ControllerAdvice
public class GlobalExceptionHandler {

    @ExceptionHandler(AccessDeniedException.class)
    @ResponseStatus(HttpStatus.FORBIDDEN)
    public ModelAndView handleAccessDeniedException(AccessDeniedException exception) {
        ModelAndView modelAndView = new ModelAndView("error403");
        modelAndView.addObject("err", exception.getClass().getName() + ":" + exception.getMessage());
        return modelAndView;
    }

}